From: Daniel Porter <dpreid@gmail.com>
Date: Mon, 8 Dec 2014 14:09:42 +0000 (+0000)
Subject: Only use strict transport security for the discourse domain
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=fff04d377d8a145f7378f996ebfd31d1c8d152dc;p=discourse_docker.git

Only use strict transport security for the discourse domain
---

diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index f39a613..51a3dc8 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -27,8 +27,8 @@ run:
        # enable SPDY header compression
        spdy_headers_comp 6;
 
-       # remember the certificate for a year and automatically connect to HTTPS
-       add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
+       # remember the certificate for a year and automatically connect to HTTPS for this domain
+       add_header Strict-Transport-Security 'max-age=31536000';
 
        gzip on;